1 / 18

Presenters Ryan McMeekin Nancy Bong Scott Murphy

University of Colorado SAP & ISACA. University of Colorado SAP & ISACA. University of Colorado SAP & ISACA. University of Colorado SAP & ISACA. Presenters Ryan McMeekin Nancy Bong Scott Murphy. Agenda/Contents. Table of Contents. What is Risk Assurance?.

kellsie
Télécharger la présentation

Presenters Ryan McMeekin Nancy Bong Scott Murphy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. University of Colorado SAP & ISACA University of ColoradoSAP & ISACA University of ColoradoSAP & ISACA University of ColoradoSAP & ISACA Presenters Ryan McMeekin Nancy Bong Scott Murphy

  2. Agenda/Contents Table of Contents

  3. What is Risk Assurance? What is Risk Assurance? • Risk Assurance at PwC • Business Process / IT Controls • Internal Audit Services • Third Party Assurance • IT Project Assurance • Enterprise Risk Management, etc. • Our Clients: • Financial Audit and External Clients

  4. What is a Control? What is Risk Assurance? • Why are systems and controls important? • In accounting and auditing internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems designed to help the organization accomplish specific goals or objectives. “COSO” - Committee of Sponsoring Organizations of the Treadway Commission: Internal Control - Integrated Framework (1992) • Key information system control objectives: • Safeguarding assets • Maintaining data integrity • Operating effectively and efficiently • Examples of IT Audits: • Financial Statement Audits, public (SOX) and private • Third-Party Assurance • PCI (Payment Card Industry) • Internal Audit

  5. Information Technology Risk and Controls Diagram What is Risk Assurance?

  6. Information Technology Risk Layers What is Risk Assurance?

  7. Exercise • Please get in groups of 3 or 4 • 1) What are examples of IT risk? • 2) How does IT risk impact a business? • 3) How can IT risk impact Financial Statements? PwC

  8. Exercise Debrief • What are examples of IT risk and security? • Restricted Access and Segregation of Duties • Change Management / SDLC • Batch Processing, System Interfaces • 2) How does IT risk impact a business? • Safeguarding of assets, data integrity, efficiency of operations • Compliance requirements (SOX, HIPAA, PCI) • Investor Confidence • 3) How can IT risk impact Financial Statements? • Indirectly impacting financial statement assertions • Pervasiveness of impact. PwC

  9. Reporting • Key Reports • Information used in performance of a key control  • Configurable to Client Environment • SAP (Customized or Canned) • Changes • Access • How do we use SQL Statements? • Reporting • Integrity of Data

  10. SAP - Financial General Ledger • What are Risks with these Accounting Areas? • Journal Entries • Period End Closing • Foreign Exchange • New GL • - FI/CO Integration

  11. Exercise - Financial General Ledger Period End Closing Control The standard SAP reports indicating general ledger account metrics are investigated and resolved during period end on a timely basis. • Create a Test Plan • - What are the Key Conditions of this Controls (italicized) - How could we test/verify that the control is operating?

  12. Exercise – Debrief • How to Test & Interpretation • Inquire of management to determine whether: • SAP reports are relied upon during the period end close process • ii) Report review is performed by a person independent from the transaction processing activities • iii) Exceptions are investigated and resolved on a timely basis • a) Evaluate if there is sufficient and appropriate evidence to test the control • b) Inspect / examine a sample of reports to determine whether evidence exists • c) for the timely resolution of exceptions

  13. SAP – Procure to Pay & Accounts Payable • Integrates purchasing department with Account Payables department. • - Business Processes • - 3-way Match • - Agree Purchase order • - Invoice • - Receiving • Automated Process of SAP • Circumnavigate Business Processes? • Basis and IT Controls

  14. What is ISACA? • Information Systems Audit & Control Association (ISACA) • Goal: To expand the knowledge and value of the IT governance and control field • Members work in: • Financial and banking, public accounting, government,the public sector, and theprivate sector • Chapter Meetings • Accounting and Information Security focus • CISA Relationships and Personal Experiences

  15. CISA Description • The Certified Information Systems Auditor (CISA) is ISACA’s cornerstone certification • Devoted exclusively to IT audit, controls, and security • Importance • Good certification for individuals who have audit, control and/or security responsibilities

  16. Compare and Contrast CISA vs. CPA

  17. Recruitment Information • Thursday September 8th - Accounting Firm "Roadshow" - 7pm to 9pm - Koelbel Building • Monday September 12th - BAP Kick-Ball Tournament - 4pm - 6pm - field by Koelbel Building • Wednesday September 14th - MBSA Meeting Accounting Night - 5:30 p.m. to 7:30 p.m. - Koelbel Building • Thursday September 15th - Meet the Firms - 6:30 p.m. - 9:00 p.m. - UMC, on campus • Monday September 19th - Resume deadline

  18. Questions?

More Related